On Wed, Dec 18, 2024 at 3:07 AM Peter Thomassen <pe...@desec.io> wrote:
> > Multi-signer capabilities on both systems are only needed if one can't > import the old system's signatures into the new one (e.g., when > online-signing), or if one wants to make zone changes during the transition. > And yet, those are both critical features for many folks. It would certainly rule out many zones I operate - that use dynamic signing, and that are highly volatile (hundreds of updates per minute and where we cannot suspend updates for any period of time). Our protocol mechanisms should be able to address all possible use cases deployed in the field, not a subset. Even if we limit this particular discussion to TLDs, there are now TLDs that do online signing (GOV was already mentioned). Shumon.
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
